So what can I do with O2? - I go through what was possible to do back then with O2, very importantly, check out the type of analysis that I was already doing then (using O2 + the Ounce Labs engine)

In August 2009, IBM bought Ounce labs which I documented at the time with Update on O2 & Ounce & IBM , followed by Update #2 on O2 & IBM - 02 Sep 09 (after meeting the other IBM teams). This last post shows how by now I was realising that IBM had enough tools in their portfolio to create a really powerful integrated solution for embedding Security into SDLs (if only these tools could talk and work together). This was also the first time that I saw IBM's JAZZ, which from the first moment I though it was an amazing idea/concept).

Part II - Why IBM will 'solve the problem' - This is one of those post that (hopefully) will one day became true :) . The core idea is that IBM (as a company) 'Needs' application security, not as a product to sell and make money, but as a core foundation for their other software/development practices

Part III - Why I said NO to IBM ... for now - basically, O2 was providing answers to problems that that IBM teams didn't knew they had (or felt there was customer demand for them), so It was better to part ways and leave space to one day meet again :)